Your new Nostr_Event class looks like it follows NIP-98, but:

a) haven't actually used it (it's not called anywhere in the code) and

b) your class doesn't implement the signature check, so it's simple to send a fake one.

You can't really avoid the cryptography in the back end. Without a signature check, you can't be sure the event isn't faked.